Microsoft has linked Chinese hacking groups Linen Typhoon, Violet Typhoon, and Storm-2603 to recent exploitation of vulnerabilities in on-premises SharePoint Servers. These threat actors use sophisticated methods, including web shells and behavioral evasion techniques, to compromise targets, which underscores the urgency for organizations to update their systems.
Key points
- Chinese threat groups Linen Typhoon, Violet Typhoon, and Storm-2603 are exploiting SharePoint Server vulnerabilities.
- The exploited flaws include CVE-2025-49706, CVE-2025-49704, and bypass CVEs CVE-2025-53771 and CVE-2025-53770.
- Attackers deploy web shells such as "spinstall0.aspx" to steal data and establish persistence.
- Microsoft recommends updating systems, rotating keys, and deploying endpoint security solutions for mitigation.
- Previous activity linked to China includes exploitation of Exchange Server and cyber attack charges brought against individuals.
Read More: https://thehackernews.com/2025/07/microsoft-links-ongoing-sharepoint.html